Solved

Sync local AD passwords to Office 365?

Posted on 2014-07-24
9
501 Views
Last Modified: 2014-08-11
I am reading through a lot of information about Office 365 and AD password sync/dirsync, etc. and getting a tad confused as to the best path to take.

I am looking for the simplest way to have my local AD passwords get synced with Office 365 accounts. I don't care about 2 way sync, just something simple to take my AD passwords and have them overwrite the Office 365 passwords.

thanks
0
Comment
Question by:mvalpreda
9 Comments
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40218368
There is one (and only one) way to do that. Dirsync.
0
 
LVL 2

Author Comment

by:mvalpreda
ID: 40218379
Will Dirsync allow me to choose what I want to sync? Do I need to set up AD FS?
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40218386
Dirsync syncs all of the object types and attributes it supports. There is no selective syncing. ADFS does not sync at all. It is a different set of tools to address different scenarios... mainly true single sign-on scenarios when it comes to O365.
0
 
LVL 2

Author Comment

by:mvalpreda
ID: 40218405
If I have a bunch of old user objects in AD....how will it process those? Or just skip them if the UPN doesn't match anything at O365?
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40218414
They will get synced like everything else. Dirsync does not activate any licenses. It is still up to you to do that. You'll just see a bunch of inactive accounts in O365 after the first sync. It is best to clean up AD before dirsync if you have a bunch of objects not in use.
0
 
LVL 2

Author Comment

by:mvalpreda
ID: 40218419
If I sync and then clean up AD, will it delete those inactive accounts from O365?

Is it best to have the UPN set up on all my accounts to match email addresses in O365?
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40218445
If you are going to run DirSync, you need to understand how it runs and how to administer it. Read the documentation. Truly. All these questions are answered in there and running it without reading about it is a great way to get yourself in trouble. It is a lot more efficient than playing whack-a-mole with all these questions.
0
 
LVL 39

Accepted Solution

by:
Vasil Michev (MVP) earned 250 total points
ID: 40218563
You can configure filtering for dirsync, so that only select object are synced to O365:

http://technet.microsoft.com/en-us/library/jj710171.aspx

Here's also comparison between using dirsync with password sync and AD FS:

http://blogs.office.com/2013/07/26/password-hash-sync-simplifies-user-management-for-office-365/
0
 
LVL 7

Assisted Solution

by:Philonator
Philonator earned 250 total points
ID: 40226732
There are four viable options

1.  use Dir Sync with password sync

2. Use ADFS which will federate your domain to the cloud

3. user power shell and set all your user passwords to never change:
Connect-MsolService -cred $cred
Get-MSOLUser | Set-MsolUser -PasswordNeverExpires $true

4. Use a third party tool like:
http://www.messageops.com/software/office-365-tools-and-utilities/office-365-password-synchronization/
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Find out what you should include to make the best professional email signature for your organization.
Read this checklist to learn more about the 15 things you should never include in an email signature.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now